Slope, based in Solana, said on Thursday that there is no "conclusive evidence" linking its mobile wallet's loophole to Solana's recent breach, despite the fact that 1,400 wallets connected to the loophole were drained.
According to the platform, a flaw in its mobile wallet's error-reporting program, Sentry, could "inadvertently log sensitive data" when the wallet app crashes.
This comes after a preliminary investigation by the blockchain security firm OtterSec revealed that Slope's anomaly logs transmitted to servers record the seed keys — the key to the cryptocurrency wallet — in an unencrypted manner, which anyone with access to the server could see.
However, the company claims that all information transmitted to the central server is encrypted end-to-end, meaning that only those with the decryption key can read it correctly. In addition, the central server controls access with three-factor authentication.
Slope stated that there was no evidence that all layers of security had been breached. In general, cybersecurity protection consists of seven layers: human, perimeter security, network, endpoint, application, data, and core assets.
Last week, 9,223 crypto wallets from Phantom and Slope on the widely known blockchain ecosystem Solana were breached and drained for nearly US$6 million in total, with 1,400 breached wallets considered due to a Slope-related loophole.
The blockchain Solana and the crypto wallet Phantom, the other two parties involved in the breach, both claimed they had no code errors related to the exploit.